diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index c02d21c8e..8c22d7740 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -26,6 +26,11 @@ #ifndef CTAO_CRYPT_SETTINGS_H #define CTAO_CRYPT_SETTINGS_H +#define CYASSL_SHA512 +//WOLFSSL_SHA512 +#define CYASSL_SHA384 +//WOLFSSL_SHA384 + #ifdef __cplusplus extern "C" { #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 17bee034d..576d26d24 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -23,11 +23,6 @@ #include #endif - -/* compatability layer temporary */ -#include - - #include #ifndef NO_ASN @@ -2996,7 +2991,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SHA512 case CTC_SHA512wRSA: case CTC_SHA512wECDSA: - if (wc_Sha512Hash(buf, bufSz, digest) == 0) { + if (Sha512Hash(buf, bufSz, digest) == 0) { typeH = SHA512h; digestSz = SHA512_DIGEST_SIZE; } @@ -3005,7 +3000,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SHA384 case CTC_SHA384wRSA: case CTC_SHA384wECDSA: - if (wc_Sha384Hash(buf, bufSz, digest) == 0) { + if (Sha384Hash(buf, bufSz, digest) == 0) { typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index aa211c406..4d89b9006 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -23,26 +23,13 @@ #include #endif -#include +#include #ifndef NO_DES3 -#ifdef HAVE_FIPS - /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ - #define FIPS_NO_WRAPPERS -#endif - #include -#include -#include - -#ifdef NO_INLINE - #include -#else - #include -#endif - +#ifdef HAVE_FIPS #ifdef HAVE_CAVIUM static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, @@ -51,8 +38,6 @@ word32 length); #endif - - int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { return Des_SetKey(des, key, iv, dir); @@ -143,5 +128,1545 @@ void wc_Des3_FreeCavium(Des3* des3) #endif /* HAVE_CAVIUM */ +#else +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + + +#ifdef HAVE_CAVIUM + static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); + static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length); + static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length); +#endif + + + + +#ifdef STM32F2_CRYPTO + /* + * STM32F2 hardware DES/3DES support through the STM32F2 standard + * peripheral library. Documentation located in STM32F2xx Standard + * Peripheral Library document (See note in README). + */ + #include "stm32f2xx.h" + #include "stm32f2xx_cryp.h" + + int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + { + word32 *dkey = des->key; + + XMEMCPY(dkey, key, 8); + ByteReverseWords(dkey, dkey, 8); + + wc_Des_SetIV(des, iv); + + return 0; + } + + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + { + word32 *dkey1 = des->key[0]; + word32 *dkey2 = des->key[1]; + word32 *dkey3 = des->key[2]; + + XMEMCPY(dkey1, key, 8); /* set key 1 */ + XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ + XMEMCPY(dkey3, key + 16, 8); /* set key 3 */ + + ByteReverseWords(dkey1, dkey1, 8); + ByteReverseWords(dkey2, dkey2, 8); + ByteReverseWords(dkey3, dkey3, 8); + + return Des3_SetIV(des, iv); + } + + void DesCrypt(Des* des, byte* out, const byte* in, word32 sz, + int dir, int mode) + { + word32 *dkey, *iv; + CRYP_InitTypeDef DES_CRYP_InitStructure; + CRYP_KeyInitTypeDef DES_CRYP_KeyInitStructure; + CRYP_IVInitTypeDef DES_CRYP_IVInitStructure; + + dkey = des->key; + iv = des->reg; + + /* crypto structure initialization */ + CRYP_KeyStructInit(&DES_CRYP_KeyInitStructure); + CRYP_StructInit(&DES_CRYP_InitStructure); + CRYP_IVStructInit(&DES_CRYP_IVInitStructure); + + /* reset registers to their default values */ + CRYP_DeInit(); + + /* set direction, mode, and datatype */ + if (dir == DES_ENCRYPTION) { + DES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + } else { /* DES_DECRYPTION */ + DES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + } + + if (mode == DES_CBC) { + DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_CBC; + } else { /* DES_ECB */ + DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_ECB; + } + + DES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&DES_CRYP_InitStructure); + + /* load key into correct registers */ + DES_CRYP_KeyInitStructure.CRYP_Key1Left = dkey[0]; + DES_CRYP_KeyInitStructure.CRYP_Key1Right = dkey[1]; + CRYP_KeyInit(&DES_CRYP_KeyInitStructure); + + /* set iv */ + ByteReverseWords(iv, iv, DES_BLOCK_SIZE); + DES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; + DES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; + CRYP_IVInit(&DES_CRYP_IVInitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + while (sz > 0) + { + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + /* if input and output same will overwrite input iv */ + XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + + CRYP_DataIn(*(uint32_t*)&in[0]); + CRYP_DataIn(*(uint32_t*)&in[4]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&out[0] = CRYP_DataOut(); + *(uint32_t*)&out[4] = CRYP_DataOut(); + + /* store iv for next call */ + XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); + + sz -= DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + out += DES_BLOCK_SIZE; + } + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + } + + int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC); + return 0; + } + + int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC); + return 0; + } + + int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB); + return 0; + } + + void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, + int dir) + { + word32 *dkey1, *dkey2, *dkey3, *iv; + CRYP_InitTypeDef DES3_CRYP_InitStructure; + CRYP_KeyInitTypeDef DES3_CRYP_KeyInitStructure; + CRYP_IVInitTypeDef DES3_CRYP_IVInitStructure; + + dkey1 = des->key[0]; + dkey2 = des->key[1]; + dkey3 = des->key[2]; + iv = des->reg; + + /* crypto structure initialization */ + CRYP_KeyStructInit(&DES3_CRYP_KeyInitStructure); + CRYP_StructInit(&DES3_CRYP_InitStructure); + CRYP_IVStructInit(&DES3_CRYP_IVInitStructure); + + /* reset registers to their default values */ + CRYP_DeInit(); + + /* set direction, mode, and datatype */ + if (dir == DES_ENCRYPTION) { + DES3_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + } else { + DES3_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + } + + DES3_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_TDES_CBC; + DES3_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&DES3_CRYP_InitStructure); + + /* load key into correct registers */ + DES3_CRYP_KeyInitStructure.CRYP_Key1Left = dkey1[0]; + DES3_CRYP_KeyInitStructure.CRYP_Key1Right = dkey1[1]; + DES3_CRYP_KeyInitStructure.CRYP_Key2Left = dkey2[0]; + DES3_CRYP_KeyInitStructure.CRYP_Key2Right = dkey2[1]; + DES3_CRYP_KeyInitStructure.CRYP_Key3Left = dkey3[0]; + DES3_CRYP_KeyInitStructure.CRYP_Key3Right = dkey3[1]; + CRYP_KeyInit(&DES3_CRYP_KeyInitStructure); + + /* set iv */ + ByteReverseWords(iv, iv, DES_BLOCK_SIZE); + DES3_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; + DES3_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; + CRYP_IVInit(&DES3_CRYP_IVInitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + while (sz > 0) + { + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + CRYP_DataIn(*(uint32_t*)&in[0]); + CRYP_DataIn(*(uint32_t*)&in[4]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&out[0] = CRYP_DataOut(); + *(uint32_t*)&out[4] = CRYP_DataOut(); + + /* store iv for next call */ + XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + + sz -= DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + out += DES_BLOCK_SIZE; + } + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + + } + + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + Des3Crypt(des, out, in, sz, DES_ENCRYPTION); + return 0; + } + + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + Des3Crypt(des, out, in, sz, DES_DECRYPTION); + return 0; + } + +#elif defined(HAVE_COLDFIRE_SEC) + +#include + +#include "sec.h" +#include "mcf5475_sec.h" +#include "mcf5475_siu.h" + +#if defined (HAVE_THREADX) +#include "memory_pools.h" +extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ +#endif + +#define DES_BUFFER_SIZE (DES_BLOCK_SIZE * 64) +static unsigned char *desBuffIn = NULL ; +static unsigned char *desBuffOut = NULL ; +static byte *secIV ; +static byte *secKey ; +static volatile SECdescriptorType *secDesc ; + +static wolfSSL_Mutex Mutex_DesSEC ; + +#define SEC_DESC_DES_CBC_ENCRYPT 0x20500010 +#define SEC_DESC_DES_CBC_DECRYPT 0x20400010 +#define SEC_DESC_DES3_CBC_ENCRYPT 0x20700010 +#define SEC_DESC_DES3_CBC_DECRYPT 0x20600010 + +#define DES_IVLEN 8 +#define DES_KEYLEN 8 +#define DES3_IVLEN 8 +#define DES3_KEYLEN 24 + +extern volatile unsigned char __MBAR[]; + +static void wc_Des_Cbc(byte* out, const byte* in, word32 sz, + byte *key, byte *iv, word32 desc) +{ + #ifdef DEBUG_WOLFSSL + int ret ; int stat1,stat2 ; + #endif + int size ; + volatile int v ; + + LockMutex(&Mutex_DesSEC) ; + + secDesc->length1 = 0x0; + secDesc->pointer1 = NULL; + if((desc==SEC_DESC_DES_CBC_ENCRYPT)||(desc==SEC_DESC_DES_CBC_DECRYPT)){ + secDesc->length2 = DES_IVLEN ; + secDesc->length3 = DES_KEYLEN ; + } else { + secDesc->length2 = DES3_IVLEN ; + secDesc->length3 = DES3_KEYLEN ; + } + secDesc->pointer2 = secIV ; + secDesc->pointer3 = secKey; + secDesc->pointer4 = desBuffIn ; + secDesc->pointer5 = desBuffOut ; + secDesc->length6 = 0; + secDesc->pointer6 = NULL; + secDesc->length7 = 0x0; + secDesc->pointer7 = NULL; + secDesc->nextDescriptorPtr = NULL ; + + while(sz) { + XMEMCPY(secIV, iv, secDesc->length2) ; + if((sz%DES_BUFFER_SIZE) == sz) { + size = sz ; + sz = 0 ; + } else { + size = DES_BUFFER_SIZE ; + sz -= DES_BUFFER_SIZE ; + } + + XMEMCPY(desBuffIn, in, size) ; + XMEMCPY(secKey, key, secDesc->length3) ; + + secDesc->header = desc ; + secDesc->length4 = size; + secDesc->length5 = size; + /* Point SEC to the location of the descriptor */ + MCF_SEC_FR0 = (uint32)secDesc; + /* Initialize SEC and wait for encryption to complete */ + MCF_SEC_CCCR0 = 0x0000001a; + /* poll SISR to determine when channel is complete */ + v=0 ; + while((secDesc->header>> 24) != 0xff) { + if(v++ > 1000)break ; + } + +#ifdef DEBUG_WOLFSSL + ret = MCF_SEC_SISRH; + stat1 = MCF_SEC_DSR ; + stat2 = MCF_SEC_DISR ; + if(ret & 0xe0000000) { + /* db_printf("Des_Cbc(%x):ISRH=%08x, DSR=%08x, DISR=%08x\n", desc, ret, stat1, stat2) ; */ + } +#endif + + XMEMCPY(out, desBuffOut, size) ; + + if((desc==SEC_DESC_DES3_CBC_ENCRYPT)||(desc==SEC_DESC_DES_CBC_ENCRYPT)) { + XMEMCPY((void*)iv, (void*)&(out[size-secDesc->length2]), secDesc->length2) ; + } else { + XMEMCPY((void*)iv, (void*)&(in[size-secDesc->length2]), secDesc->length2) ; + } + + in += size ; + out += size ; + + } + UnLockMutex(&Mutex_DesSEC) ; + +} + + +int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + wc_Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ; + return 0; +} + +int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + wc_Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ; + return 0; +} + +int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) +{ + wc_Des_Cbc(out, in, sz, (byte *)des3->key, (byte *)des3->reg, SEC_DESC_DES3_CBC_ENCRYPT) ; + return 0; +} + + +int Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz) +{ + wc_Des_Cbc(out, in, sz, (byte *)des3->key, (byte *)des3->reg, SEC_DESC_DES3_CBC_DECRYPT) ; + return 0; +} + +static void setParity(byte *buf, int len) +{ + int i, j ; + byte v ; + int bits ; + + for(i=0; i> 1 ; + buf[i] = v << 1 ; + bits = 0 ; + for(j=0; j<7; j++) + { + bits += (v&0x1) ; + v = v >> 1 ; + } + buf[i] |= (1 - (bits&0x1)) ; + } + +} + + +int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) +{ + if(desBuffIn == NULL) { + #if defined (HAVE_THREADX) + int s1, s2, s3, s4, s5 ; + s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, + sizeof(SECdescriptorType), TX_NO_WAIT); + s1 = tx_byte_allocate(&mp_ncached,(void *)&desBuffIn, DES_BUFFER_SIZE, TX_NO_WAIT); + s2 = tx_byte_allocate(&mp_ncached,(void *)&desBuffOut, DES_BUFFER_SIZE, TX_NO_WAIT); + /* Don't know des or des3 to be used. Allocate larger buffers */ + s3 = tx_byte_allocate(&mp_ncached,(void *)&secKey, DES3_KEYLEN,TX_NO_WAIT); + s4 = tx_byte_allocate(&mp_ncached,(void *)&secIV, DES3_IVLEN, TX_NO_WAIT); + #else + #warning "Allocate non-Cache buffers" + #endif + + InitMutex(&Mutex_DesSEC) ; + } + + XMEMCPY(des->key, key, DES_KEYLEN); + setParity((byte *)des->key, DES_KEYLEN) ; + + if (iv) { + XMEMCPY(des->reg, iv, DES_IVLEN); + } else { + XMEMSET(des->reg, 0x0, DES_IVLEN) ; + } + return 0; +} + +int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) +{ + + if(desBuffIn == NULL) { + #if defined (HAVE_THREADX) + int s1, s2, s3, s4, s5 ; + s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, + sizeof(SECdescriptorType), TX_NO_WAIT); + s1 = tx_byte_allocate(&mp_ncached,(void *)&desBuffIn, DES_BUFFER_SIZE, TX_NO_WAIT); + s2 = tx_byte_allocate(&mp_ncached,(void *)&desBuffOut, DES_BUFFER_SIZE, TX_NO_WAIT); + s3 = tx_byte_allocate(&mp_ncached,(void *)&secKey, DES3_KEYLEN,TX_NO_WAIT); + s4 = tx_byte_allocate(&mp_ncached,(void *)&secIV, DES3_IVLEN, TX_NO_WAIT); + #else + #warning "Allocate non-Cache buffers" + #endif + + InitMutex(&Mutex_DesSEC) ; + } + + XMEMCPY(des3->key[0], key, DES3_KEYLEN); + setParity((byte *)des3->key[0], DES3_KEYLEN) ; + + if (iv) { + XMEMCPY(des3->reg, iv, DES3_IVLEN); + } else { + XMEMSET(des3->reg, 0x0, DES3_IVLEN) ; + } + return 0; + +} + +#elif defined FREESCALE_MMCAU + /* + * Freescale mmCAU hardware DES/3DES support through the CAU/mmCAU library. + * Documentation located in ColdFire/ColdFire+ CAU and Kinetis mmCAU + * Software Library User Guide (See note in README). + */ + #include "cau_api.h" + + const unsigned char parityLookup[128] = + { + 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0, + 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1, + 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1, + 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0 + }; + + int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + { + int i = 0; + byte* dkey = (byte*)des->key; + + XMEMCPY(dkey, key, 8); + + wc_Des_SetIV(des, iv); + + /* fix key parity, if needed */ + for (i = 0; i < 8; i++) { + dkey[i] = ((dkey[i] & 0xFE) | parityLookup[dkey[i] >> 1]); + } + + return 0; + } + + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + { + int i = 0, ret = 0; + byte* dkey1 = (byte*)des->key[0]; + byte* dkey2 = (byte*)des->key[1]; + byte* dkey3 = (byte*)des->key[2]; + + XMEMCPY(dkey1, key, 8); /* set key 1 */ + XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ + XMEMCPY(dkey3, key + 16, 8); /* set key 3 */ + + ret = Des3_SetIV(des, iv); + if (ret != 0) + return ret; + + /* fix key parity if needed */ + for (i = 0; i < 8; i++) + dkey1[i] = ((dkey1[i] & 0xFE) | parityLookup[dkey1[i] >> 1]); + + for (i = 0; i < 8; i++) + dkey2[i] = ((dkey2[i] & 0xFE) | parityLookup[dkey2[i] >> 1]); + + for (i = 0; i < 8; i++) + dkey3[i] = ((dkey3[i] & 0xFE) | parityLookup[dkey3[i] >> 1]); + + return ret; + } + + int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + byte *iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_des_encrypt(temp_block, (byte*)des->key, out + offset); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + + return 0; + } + + int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + byte* iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + cau_des_decrypt(in + offset, (byte*)des->key, out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return 0; + } + + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte *iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_des_encrypt(temp_block , (byte*)des->key[0], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + + return 0; + } + + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte* iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + cau_des_decrypt(in + offset , (byte*)des->key[2], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return 0; + } + + +#elif defined(WOLFSSL_PIC32MZ_CRYPT) + + #include "wolfssl/ctaocrypt/port/pic32/pic32mz-crypt.h" + +void wc_Des_SetIV(Des* des, const byte* iv); +int Des3_SetIV(Des3* des, const byte* iv); + + int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + { + word32 *dkey = des->key ; + word32 *dreg = des->reg ; + + XMEMCPY((byte *)dkey, (byte *)key, 8); + ByteReverseWords(dkey, dkey, 8); + XMEMCPY((byte *)dreg, (byte *)iv, 8); + ByteReverseWords(dreg, dreg, 8); + + return 0; + } + + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + { + word32 *dkey1 = des->key[0]; + word32 *dreg = des->reg ; + + XMEMCPY(dkey1, key, 24); + ByteReverseWords(dkey1, dkey1, 24); + XMEMCPY(dreg, iv, 8); + ByteReverseWords(dreg, dreg, 8) ; + + return 0; + } + + void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz, + int dir, int algo, int cryptoalgo) + { + securityAssociation *sa_p ; + bufferDescriptor *bd_p ; + const byte *in_p, *in_l ; + byte *out_p, *out_l ; + volatile securityAssociation sa __attribute__((aligned (8))); + volatile bufferDescriptor bd __attribute__((aligned (8))); + volatile int k ; + + /* get uncached address */ + + in_l = in; + out_l = out ; + sa_p = KVA0_TO_KVA1(&sa) ; + bd_p = KVA0_TO_KVA1(&bd) ; + in_p = KVA0_TO_KVA1(in_l) ; + out_p= KVA0_TO_KVA1(out_l); + + if(PIC32MZ_IF_RAM(in_p)) + XMEMCPY((void *)in_p, (void *)in, sz); + XMEMSET((void *)out_p, 0, sz); + + /* Set up the Security Association */ + XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa)); + sa_p->SA_CTRL.ALGO = algo ; + sa_p->SA_CTRL.LNC = 1; + sa_p->SA_CTRL.LOADIV = 1; + sa_p->SA_CTRL.FB = 1; + sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */ + sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo; + sa_p->SA_CTRL.KEYSIZE = 1 ; /* KEY is 192 bits */ + XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCKEY[algo==PIC32_ALGO_TDES ? 2 : 6]), + (byte *)key, algo==PIC32_ALGO_TDES ? 24 : 8); + XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCIV[2]), (byte *)iv, 8); + + XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd)); + /* Set up the Buffer Descriptor */ + bd_p->BD_CTRL.BUFLEN = sz; + bd_p->BD_CTRL.LIFM = 1; + bd_p->BD_CTRL.SA_FETCH_EN = 1; + bd_p->BD_CTRL.LAST_BD = 1; + bd_p->BD_CTRL.DESC_EN = 1; + + bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */ + bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */ + bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */ + bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd); + bd_p->MSGLEN = sz ; + + /* Fire in the hole! */ + CECON = 1 << 6; + while (CECON); + + /* Run the engine */ + CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */ + CEINTEN = 0x07; + CECON = 0x27; + + WAIT_ENGINE ; + + if((cryptoalgo == PIC32_CRYPTOALGO_CBC) || + (cryptoalgo == PIC32_CRYPTOALGO_TCBC)|| + (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) { + /* set iv for the next call */ + if(dir == PIC32_ENCRYPTION) { + XMEMCPY((void *)iv, (void*)&(out_p[sz-DES_IVLEN]), DES_IVLEN) ; + } else { + ByteReverseWords((word32*)iv, (word32 *)&(in_p[sz-DES_IVLEN]), + DES_IVLEN); + } + + } + + ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz); + } + + int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des->key, des->reg, out, in, sz, + PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC ); + return 0; + } + + int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des->key, des->reg, out, in, sz, + PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC); + return 0; + } + + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des->key[0], des->reg, out, in, sz, + PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC); + return 0; + } + + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + DesCrypt(des->key[0], des->reg, out, in, sz, + PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC); + return 0; + } + +#else /* CTaoCrypt software implementation */ + +/* permuted choice table (key) */ +static const byte pc1[] = { + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +/* number left rotations of pc1 */ +static const byte totrot[] = { + 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 +}; + +/* permuted choice key (table) */ +static const byte pc2[] = { + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +/* End of DES-defined tables */ + +/* bit 0 is left-most in byte */ +static const int bytebit[] = { + 0200,0100,040,020,010,04,02,01 +}; + +static const word32 Spbox[8][64] = { +{ +0x01010400,0x00000000,0x00010000,0x01010404, +0x01010004,0x00010404,0x00000004,0x00010000, +0x00000400,0x01010400,0x01010404,0x00000400, +0x01000404,0x01010004,0x01000000,0x00000004, +0x00000404,0x01000400,0x01000400,0x00010400, +0x00010400,0x01010000,0x01010000,0x01000404, +0x00010004,0x01000004,0x01000004,0x00010004, +0x00000000,0x00000404,0x00010404,0x01000000, +0x00010000,0x01010404,0x00000004,0x01010000, +0x01010400,0x01000000,0x01000000,0x00000400, +0x01010004,0x00010000,0x00010400,0x01000004, +0x00000400,0x00000004,0x01000404,0x00010404, +0x01010404,0x00010004,0x01010000,0x01000404, +0x01000004,0x00000404,0x00010404,0x01010400, +0x00000404,0x01000400,0x01000400,0x00000000, +0x00010004,0x00010400,0x00000000,0x01010004}, +{ +0x80108020,0x80008000,0x00008000,0x00108020, +0x00100000,0x00000020,0x80100020,0x80008020, +0x80000020,0x80108020,0x80108000,0x80000000, +0x80008000,0x00100000,0x00000020,0x80100020, +0x00108000,0x00100020,0x80008020,0x00000000, +0x80000000,0x00008000,0x00108020,0x80100000, +0x00100020,0x80000020,0x00000000,0x00108000, +0x00008020,0x80108000,0x80100000,0x00008020, +0x00000000,0x00108020,0x80100020,0x00100000, +0x80008020,0x80100000,0x80108000,0x00008000, +0x80100000,0x80008000,0x00000020,0x80108020, +0x00108020,0x00000020,0x00008000,0x80000000, +0x00008020,0x80108000,0x00100000,0x80000020, +0x00100020,0x80008020,0x80000020,0x00100020, +0x00108000,0x00000000,0x80008000,0x00008020, +0x80000000,0x80100020,0x80108020,0x00108000}, +{ +0x00000208,0x08020200,0x00000000,0x08020008, +0x08000200,0x00000000,0x00020208,0x08000200, +0x00020008,0x08000008,0x08000008,0x00020000, +0x08020208,0x00020008,0x08020000,0x00000208, +0x08000000,0x00000008,0x08020200,0x00000200, +0x00020200,0x08020000,0x08020008,0x00020208, +0x08000208,0x00020200,0x00020000,0x08000208, +0x00000008,0x08020208,0x00000200,0x08000000, +0x08020200,0x08000000,0x00020008,0x00000208, +0x00020000,0x08020200,0x08000200,0x00000000, +0x00000200,0x00020008,0x08020208,0x08000200, +0x08000008,0x00000200,0x00000000,0x08020008, +0x08000208,0x00020000,0x08000000,0x08020208, +0x00000008,0x00020208,0x00020200,0x08000008, +0x08020000,0x08000208,0x00000208,0x08020000, +0x00020208,0x00000008,0x08020008,0x00020200}, +{ +0x00802001,0x00002081,0x00002081,0x00000080, +0x00802080,0x00800081,0x00800001,0x00002001, +0x00000000,0x00802000,0x00802000,0x00802081, +0x00000081,0x00000000,0x00800080,0x00800001, +0x00000001,0x00002000,0x00800000,0x00802001, +0x00000080,0x00800000,0x00002001,0x00002080, +0x00800081,0x00000001,0x00002080,0x00800080, +0x00002000,0x00802080,0x00802081,0x00000081, +0x00800080,0x00800001,0x00802000,0x00802081, +0x00000081,0x00000000,0x00000000,0x00802000, +0x00002080,0x00800080,0x00800081,0x00000001, +0x00802001,0x00002081,0x00002081,0x00000080, +0x00802081,0x00000081,0x00000001,0x00002000, +0x00800001,0x00002001,0x00802080,0x00800081, +0x00002001,0x00002080,0x00800000,0x00802001, +0x00000080,0x00800000,0x00002000,0x00802080}, +{ +0x00000100,0x02080100,0x02080000,0x42000100, +0x00080000,0x00000100,0x40000000,0x02080000, +0x40080100,0x00080000,0x02000100,0x40080100, +0x42000100,0x42080000,0x00080100,0x40000000, +0x02000000,0x40080000,0x40080000,0x00000000, +0x40000100,0x42080100,0x42080100,0x02000100, +0x42080000,0x40000100,0x00000000,0x42000000, +0x02080100,0x02000000,0x42000000,0x00080100, +0x00080000,0x42000100,0x00000100,0x02000000, +0x40000000,0x02080000,0x42000100,0x40080100, +0x02000100,0x40000000,0x42080000,0x02080100, +0x40080100,0x00000100,0x02000000,0x42080000, +0x42080100,0x00080100,0x42000000,0x42080100, +0x02080000,0x00000000,0x40080000,0x42000000, +0x00080100,0x02000100,0x40000100,0x00080000, +0x00000000,0x40080000,0x02080100,0x40000100}, +{ +0x20000010,0x20400000,0x00004000,0x20404010, +0x20400000,0x00000010,0x20404010,0x00400000, +0x20004000,0x00404010,0x00400000,0x20000010, +0x00400010,0x20004000,0x20000000,0x00004010, +0x00000000,0x00400010,0x20004010,0x00004000, +0x00404000,0x20004010,0x00000010,0x20400010, +0x20400010,0x00000000,0x00404010,0x20404000, +0x00004010,0x00404000,0x20404000,0x20000000, +0x20004000,0x00000010,0x20400010,0x00404000, +0x20404010,0x00400000,0x00004010,0x20000010, +0x00400000,0x20004000,0x20000000,0x00004010, +0x20000010,0x20404010,0x00404000,0x20400000, +0x00404010,0x20404000,0x00000000,0x20400010, +0x00000010,0x00004000,0x20400000,0x00404010, +0x00004000,0x00400010,0x20004010,0x00000000, +0x20404000,0x20000000,0x00400010,0x20004010}, +{ +0x00200000,0x04200002,0x04000802,0x00000000, +0x00000800,0x04000802,0x00200802,0x04200800, +0x04200802,0x00200000,0x00000000,0x04000002, +0x00000002,0x04000000,0x04200002,0x00000802, +0x04000800,0x00200802,0x00200002,0x04000800, +0x04000002,0x04200000,0x04200800,0x00200002, +0x04200000,0x00000800,0x00000802,0x04200802, +0x00200800,0x00000002,0x04000000,0x00200800, +0x04000000,0x00200800,0x00200000,0x04000802, +0x04000802,0x04200002,0x04200002,0x00000002, +0x00200002,0x04000000,0x04000800,0x00200000, +0x04200800,0x00000802,0x00200802,0x04200800, +0x00000802,0x04000002,0x04200802,0x04200000, +0x00200800,0x00000000,0x00000002,0x04200802, +0x00000000,0x00200802,0x04200000,0x00000800, +0x04000002,0x04000800,0x00000800,0x00200002}, +{ +0x10001040,0x00001000,0x00040000,0x10041040, +0x10000000,0x10001040,0x00000040,0x10000000, +0x00040040,0x10040000,0x10041040,0x00041000, +0x10041000,0x00041040,0x00001000,0x00000040, +0x10040000,0x10000040,0x10001000,0x00001040, +0x00041000,0x00040040,0x10040040,0x10041000, +0x00001040,0x00000000,0x00000000,0x10040040, +0x10000040,0x10001000,0x00041040,0x00040000, +0x00041040,0x00040000,0x10041000,0x00001000, +0x00000040,0x10040040,0x00001000,0x00041040, +0x10001000,0x00000040,0x10000040,0x10040000, +0x10040040,0x10000000,0x00040000,0x10001040, +0x00000000,0x10041040,0x00040040,0x10000040, +0x10040000,0x10001000,0x10001040,0x00000000, +0x10041040,0x00041000,0x00041000,0x00001040, +0x00001040,0x00040040,0x10000000,0x10041000} +}; + + +static INLINE void IPERM(word32* left, word32* right) +{ + word32 work; + + *right = rotlFixed(*right, 4U); + work = (*left ^ *right) & 0xf0f0f0f0; + *left ^= work; + + *right = rotrFixed(*right^work, 20U); + work = (*left ^ *right) & 0xffff0000; + *left ^= work; + + *right = rotrFixed(*right^work, 18U); + work = (*left ^ *right) & 0x33333333; + *left ^= work; + + *right = rotrFixed(*right^work, 6U); + work = (*left ^ *right) & 0x00ff00ff; + *left ^= work; + + *right = rotlFixed(*right^work, 9U); + work = (*left ^ *right) & 0xaaaaaaaa; + *left = rotlFixed(*left^work, 1U); + *right ^= work; +} + + +static INLINE void FPERM(word32* left, word32* right) +{ + word32 work; + + *right = rotrFixed(*right, 1U); + work = (*left ^ *right) & 0xaaaaaaaa; + *right ^= work; + + *left = rotrFixed(*left^work, 9U); + work = (*left ^ *right) & 0x00ff00ff; + *right ^= work; + + *left = rotlFixed(*left^work, 6U); + work = (*left ^ *right) & 0x33333333; + *right ^= work; + + *left = rotlFixed(*left^work, 18U); + work = (*left ^ *right) & 0xffff0000; + *right ^= work; + + *left = rotlFixed(*left^work, 20U); + work = (*left ^ *right) & 0xf0f0f0f0; + *right ^= work; + + *left = rotrFixed(*left^work, 4U); +} + + +static int DesSetKey(const byte* key, int dir, word32* out) +{ +#ifdef WOLFSSL_SMALL_STACK + byte* buffer = (byte*)XMALLOC(56+56+8, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (buffer == NULL) + return MEMORY_E; +#else + byte buffer[56+56+8]; +#endif + + { + byte* const pc1m = buffer; /* place to modify pc1 into */ + byte* const pcr = pc1m + 56; /* place to rotate pc1 into */ + byte* const ks = pcr + 56; + register int i, j, l; + int m; + + for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */ + l = pc1[j] - 1; /* integer bit location */ + m = l & 07; /* find bit */ + pc1m[j] = (key[l >> 3] & /* find which key byte l is in */ + bytebit[m]) /* and which bit of that byte */ + ? 1 : 0; /* and store 1-bit result */ + } + + for (i = 0; i < 16; i++) { /* key chunk for each iteration */ + XMEMSET(ks, 0, 8); /* Clear key schedule */ + + for (j = 0; j < 56; j++) /* rotate pc1 the right amount */ + pcr[j] = + pc1m[(l = j + totrot[i]) < (j < 28 ? 28 : 56) ? l : l-28]; + + /* rotate left and right halves independently */ + for (j = 0; j < 48; j++) { /* select bits individually */ + if (pcr[pc2[j] - 1]) { /* check bit that goes to ks[j] */ + l= j % 6; /* mask it in if it's there */ + ks[j/6] |= bytebit[l] >> 2; + } + } + + /* Now convert to odd/even interleaved form for use in F */ + out[2*i] = ((word32) ks[0] << 24) + | ((word32) ks[2] << 16) + | ((word32) ks[4] << 8) + | ((word32) ks[6]); + + out[2*i + 1] = ((word32) ks[1] << 24) + | ((word32) ks[3] << 16) + | ((word32) ks[5] << 8) + | ((word32) ks[7]); + } + + /* reverse key schedule order */ + if (dir == DES_DECRYPTION) { + for (i = 0; i < 16; i += 2) { + word32 swap = out[i]; + out[i] = out[DES_KS_SIZE - 2 - i]; + out[DES_KS_SIZE - 2 - i] = swap; + + swap = out[i + 1]; + out[i + 1] = out[DES_KS_SIZE - 1 - i]; + out[DES_KS_SIZE - 1 - i] = swap; + } + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + } + + return 0; +} + + +static INLINE int Reverse(int dir) +{ + return !dir; +} + + +int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) +{ + wc_Des_SetIV(des, iv); + + return DesSetKey(key, dir, des->key); +} + + +int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) +{ + int ret; + +#ifdef HAVE_CAVIUM + if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumSetKey(des, key, iv); +#endif + + ret = DesSetKey(key + (dir == DES_ENCRYPTION ? 0:16), dir, des->key[0]); + if (ret != 0) + return ret; + + ret = DesSetKey(key + 8, Reverse(dir), des->key[1]); + if (ret != 0) + return ret; + + ret = DesSetKey(key + (dir == DES_DECRYPTION ? 0:16), dir, des->key[2]); + if (ret != 0) + return ret; + + return Des3_SetIV(des, iv); +} + + +static void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr) +{ + word32 l = *lIn, r = *rIn, i; + + for (i=0; i<8; i++) + { + word32 work = rotrFixed(r, 4U) ^ kptr[4*i+0]; + l ^= Spbox[6][(work) & 0x3f] + ^ Spbox[4][(work >> 8) & 0x3f] + ^ Spbox[2][(work >> 16) & 0x3f] + ^ Spbox[0][(work >> 24) & 0x3f]; + work = r ^ kptr[4*i+1]; + l ^= Spbox[7][(work) & 0x3f] + ^ Spbox[5][(work >> 8) & 0x3f] + ^ Spbox[3][(work >> 16) & 0x3f] + ^ Spbox[1][(work >> 24) & 0x3f]; + + work = rotrFixed(l, 4U) ^ kptr[4*i+2]; + r ^= Spbox[6][(work) & 0x3f] + ^ Spbox[4][(work >> 8) & 0x3f] + ^ Spbox[2][(work >> 16) & 0x3f] + ^ Spbox[0][(work >> 24) & 0x3f]; + work = l ^ kptr[4*i+3]; + r ^= Spbox[7][(work) & 0x3f] + ^ Spbox[5][(work >> 8) & 0x3f] + ^ Spbox[3][(work >> 16) & 0x3f] + ^ Spbox[1][(work >> 24) & 0x3f]; + } + + *lIn = l; *rIn = r; +} + + +static void DesProcessBlock(Des* des, const byte* in, byte* out) +{ + word32 l, r; + + XMEMCPY(&l, in, sizeof(l)); + XMEMCPY(&r, in + sizeof(l), sizeof(r)); + #ifdef LITTLE_ENDIAN_ORDER + l = ByteReverseWord32(l); + r = ByteReverseWord32(r); + #endif + IPERM(&l,&r); + + DesRawProcessBlock(&l, &r, des->key); + + FPERM(&l,&r); + #ifdef LITTLE_ENDIAN_ORDER + l = ByteReverseWord32(l); + r = ByteReverseWord32(r); + #endif + XMEMCPY(out, &r, sizeof(r)); + XMEMCPY(out + sizeof(r), &l, sizeof(l)); +} + + +static void Des3ProcessBlock(Des3* des, const byte* in, byte* out) +{ + word32 l, r; + + XMEMCPY(&l, in, sizeof(l)); + XMEMCPY(&r, in + sizeof(l), sizeof(r)); + #ifdef LITTLE_ENDIAN_ORDER + l = ByteReverseWord32(l); + r = ByteReverseWord32(r); + #endif + IPERM(&l,&r); + + DesRawProcessBlock(&l, &r, des->key[0]); + DesRawProcessBlock(&r, &l, des->key[1]); + DesRawProcessBlock(&l, &r, des->key[2]); + + FPERM(&l,&r); + #ifdef LITTLE_ENDIAN_ORDER + l = ByteReverseWord32(l); + r = ByteReverseWord32(r); + #endif + XMEMCPY(out, &r, sizeof(r)); + XMEMCPY(out + sizeof(r), &l, sizeof(l)); +} + + +int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks = sz / DES_BLOCK_SIZE; + + while (blocks--) { + xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); + DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg); + XMEMCPY(out, des->reg, DES_BLOCK_SIZE); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } + return 0; +} + + +int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks = sz / DES_BLOCK_SIZE; + byte hold[DES_BLOCK_SIZE]; + + while (blocks--) { + XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); + DesProcessBlock(des, (byte*)des->tmp, out); + xorbuf(out, (byte*)des->reg, DES_BLOCK_SIZE); + + XMEMCPY(hold, des->reg, DES_BLOCK_SIZE); + XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); + XMEMCPY(des->tmp, hold, DES_BLOCK_SIZE); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } + return 0; +} + + +int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks; + +#ifdef HAVE_CAVIUM + if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcEncrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; + while (blocks--) { + xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); + Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg); + XMEMCPY(out, des->reg, DES_BLOCK_SIZE); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } + return 0; +} + + +int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks; + +#ifdef HAVE_CAVIUM + if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcDecrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; + while (blocks--) { + XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); + Des3ProcessBlock(des, (byte*)des->tmp, out); + xorbuf(out, (byte*)des->reg, DES_BLOCK_SIZE); + XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } + return 0; +} + +#ifdef WOLFSSL_DES_ECB + +/* One block, compatibility only */ +int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks = sz / DES_BLOCK_SIZE; + + while (blocks--) { + DesProcessBlock(des, in, out); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } + return 0; +} + +#endif /* WOLFSSL_DES_ECB */ + +#endif /* STM32F2_CRYPTO */ + +void wc_Des_SetIV(Des* des, const byte* iv) +{ + if (des && iv) + XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); + else if (des) + XMEMSET(des->reg, 0, DES_BLOCK_SIZE); +} + + +int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des_CbcDecrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int Des3_SetIV(Des3* des, const byte* iv) +{ + if (des && iv) + XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); + else if (des) + XMEMSET(des->reg, 0, DES_BLOCK_SIZE); + + return 0; +} + + +int Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = Des3_SetKey(des3, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = Des3_CbcDecrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +#ifdef HAVE_CAVIUM + +#include "cavium_common.h" + +/* Initiliaze Des3 for use with Nitrox device */ +int wc_Des3_InitCavium(Des3* des3, int devId) +{ + if (des3 == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0) + return -1; + + des3->devId = devId; + des3->magic = WOLFSSL_3DES_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Des3 from use with Nitrox device */ +void wc_Des3_FreeCavium(Des3* des3) +{ + if (des3 == NULL) + return; + + if (des3->magic != WOLFSSL_3DES_CAVIUM_MAGIC) + return; + + CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId); + des3->magic = 0; +} + + +static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv) +{ + if (des3 == NULL) + return -1; + + /* key[0] holds key, iv in reg */ + XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3); + + return Des3_SetIV(des3, iv); +} + + +static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + wolfssl_word offset = 0; + word32 requestId; + + while (length > WOLFSSL_MAX_16BIT) { + word16 slen = (word16)WOLFSSL_MAX_16BIT; + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + return -1; + } + length -= WOLFSSL_MAX_16BIT; + offset += WOLFSSL_MAX_16BIT; + XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + return -1; + } + XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + return 0; +} + +static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + word32 requestId; + wolfssl_word offset = 0; + + while (length > WOLFSSL_MAX_16BIT) { + word16 slen = (word16)WOLFSSL_MAX_16BIT; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, + (byte*)des3->reg, (byte*)des3->key[0], &requestId, + des3->devId) != 0) { + WOLFSSL_MSG("Bad Cavium 3Des Decrypt"); + return -1; + } + length -= WOLFSSL_MAX_16BIT; + offset += WOLFSSL_MAX_16BIT; + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE); + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, + (byte*)des3->reg, (byte*)des3->key[0], &requestId, + des3->devId) != 0) { + WOLFSSL_MSG("Bad Cavium 3Des Decrypt"); + return -1; + } + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); + } + return 0; +} + +#endif /* HAVE_CAVIUM */ +#endif /* HAVE_FIPS */ #endif /* NO_DES3 */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 5d579a1e2..3a395ec13 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -23,27 +23,16 @@ #include #endif -#include +#include /* on HPUX 11 you may need to install /dev/random see http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I */ -#ifdef HAVE_FIPS - /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ - #define FIPS_NO_WRAPPERS -#endif - #include -#include - -#ifdef __cplusplus - extern "C" { -#endif - - +#ifdef HAVE_FIPS int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) { return GenerateSeed(os, seed, sz); @@ -127,9 +116,963 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b) #define RNG_HealthTest RNG_HealthTest_fips #endif /* FIPS_NO_WRAPPERS */ #endif /* HAVE_FIPS */ +#else +#include + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + + #include + + #ifdef NO_INLINE + #include + #else + #include + #endif +#endif /* HAVE_HASHDRBG || NO_RC4 */ + +#if defined(USE_WINDOWS_API) + #ifndef _WIN32_WINNT + #define _WIN32_WINNT 0x0400 + #endif + #include + #include +#else + #if !defined(NO_DEV_RANDOM) && !defined(WOLFSSL_MDK_ARM) \ + && !defined(WOLFSSL_IAR_ARM) + #include + #ifndef EBSNET + #include + #endif + #else + /* include headers that may be needed to get good seed */ + #endif +#endif /* USE_WINDOWS_API */ -#ifdef __cplusplus - } /* extern "C" */ +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + +/* Start NIST DRBG code */ + +#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) +#define MAX_REQUEST_LEN (0x10000) +#define RESEED_INTERVAL (1000000) +#define SECURITY_STRENGTH (256) +#define ENTROPY_SZ (SECURITY_STRENGTH/8) +#define NONCE_SZ (ENTROPY_SZ/2) +#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) + +/* Internal return codes */ +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_FAILURE 2 +#define DRBG_NEED_RESEED 3 +#define DRBG_CONT_FAILURE 4 + +/* RNG health states */ +#define DRBG_NOT_INIT 0 +#define DRBG_OK 1 +#define DRBG_FAILED 2 +#define DRBG_CONT_FAILED 3 + + +enum { + drbgInitC = 0, + drbgReseed = 1, + drbgGenerateW = 2, + drbgGenerateH = 3, + drbgInitV +}; + + +typedef struct DRBG { + Sha256 sha; + byte digest[SHA256_DIGEST_SIZE]; + byte V[DRBG_SEED_LEN]; + byte C[DRBG_SEED_LEN]; + word32 reseedCtr; + word32 lastBlock; + byte matchCount; +} DRBG; + + +/* Hash Derivation Function */ +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, + const byte* inA, word32 inASz, + const byte* inB, word32 inBSz) +{ + byte ctr; + int i; + int len; + word32 bits = (outSz * 8); /* reverse byte order */ + + #ifdef LITTLE_ENDIAN_ORDER + bits = ByteReverseWord32(bits); + #endif + len = (outSz / OUTPUT_BLOCK_LEN) + + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); + + for (i = 0, ctr = 1; i < len; i++, ctr++) + { + if (InitSha256(&drbg->sha) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, &ctr, sizeof(ctr)) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, (byte*)&bits, sizeof(bits)) != 0) + return DRBG_FAILURE; + + /* churning V is the only string that doesn't have + * the type added */ + if (type != drbgInitV) + if (Sha256Update(&drbg->sha, &type, sizeof(type)) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, inA, inASz) != 0) + return DRBG_FAILURE; + + if (inB != NULL && inBSz > 0) + if (Sha256Update(&drbg->sha, inB, inBSz) != 0) + return DRBG_FAILURE; + + if (Sha256Final(&drbg->sha, drbg->digest) != 0) + return DRBG_FAILURE; + + if (outSz > OUTPUT_BLOCK_LEN) { + XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN); + outSz -= OUTPUT_BLOCK_LEN; + out += OUTPUT_BLOCK_LEN; + } + else { + XMEMCPY(out, drbg->digest, outSz); + } + } + + return DRBG_SUCCESS; +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) +{ + byte seed[DRBG_SEED_LEN]; + + if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V), + entropy, entropySz) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } + + XMEMCPY(drbg->V, seed, sizeof(drbg->V)); + XMEMSET(seed, 0, sizeof(seed)); + + if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, + sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } + + drbg->reseedCtr = 1; + drbg->lastBlock = 0; + drbg->matchCount = 0; + return DRBG_SUCCESS; +} + +static INLINE void array_add_one(byte* data, word32 dataSz) +{ + int i; + + for (i = dataSz - 1; i >= 0; i--) + { + data[i]++; + if (data[i] != 0) break; + } +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) +{ + byte data[DRBG_SEED_LEN]; + int i; + int len; + word32 checkBlock; + + /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for + * the continuous test. */ + + if (outSz == 0) outSz = 1; + + len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); + + XMEMCPY(data, V, sizeof(data)); + for (i = 0; i < len; i++) { + if (InitSha256(&drbg->sha) != 0 || + Sha256Update(&drbg->sha, data, sizeof(data)) != 0 || + Sha256Final(&drbg->sha, drbg->digest) != 0) { + + return DRBG_FAILURE; + } + + checkBlock = *(word32*)drbg->digest; + if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { + if (drbg->matchCount == 1) { + return DRBG_CONT_FAILURE; + } + else { + if (i == len) { + len++; + } + drbg->matchCount = 1; + } + } + else { + drbg->matchCount = 0; + drbg->lastBlock = checkBlock; + } + + if (outSz >= OUTPUT_BLOCK_LEN) { + XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN); + outSz -= OUTPUT_BLOCK_LEN; + out += OUTPUT_BLOCK_LEN; + array_add_one(data, DRBG_SEED_LEN); + } + else if (out != NULL && outSz != 0) { + XMEMCPY(out, drbg->digest, outSz); + outSz = 0; + } + } + XMEMSET(data, 0, sizeof(data)); + + return DRBG_SUCCESS; +} + + +static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) +{ + word16 carry = 0; + + if (dLen > 0 && sLen > 0 && dLen >= sLen) { + int sIdx, dIdx; + + for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) + { + carry += d[dIdx] + s[sIdx]; + d[dIdx] = carry; + carry >>= 8; + } + + for (; carry != 0 && dIdx >= 0; dIdx--) { + carry += d[dIdx]; + d[dIdx] = carry; + carry >>= 8; + } + } +} + + +/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ +static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) +{ + int ret = DRBG_NEED_RESEED; + + if (drbg->reseedCtr != RESEED_INTERVAL) { + byte type = drbgGenerateH; + word32 reseedCtr = drbg->reseedCtr; + + ret = Hash_gen(drbg, out, outSz, drbg->V); + if (ret == DRBG_SUCCESS) { + if (InitSha256(&drbg->sha) != 0 || + Sha256Update(&drbg->sha, &type, sizeof(type)) != 0 || + Sha256Update(&drbg->sha, drbg->V, sizeof(drbg->V)) != 0 || + Sha256Final(&drbg->sha, drbg->digest) != 0) { + + ret = DRBG_FAILURE; + } + else { + array_add(drbg->V, sizeof(drbg->V), + drbg->digest, sizeof(drbg->digest)); + array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C)); + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = ByteReverseWord32(reseedCtr); + #endif + array_add(drbg->V, sizeof(drbg->V), + (byte*)&reseedCtr, sizeof(reseedCtr)); + ret = DRBG_SUCCESS; + } + drbg->reseedCtr++; + } + } + + return ret; +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, + const byte* nonce, word32 nonceSz) +{ + int ret = DRBG_FAILURE; + + XMEMSET(drbg, 0, sizeof(DRBG)); + + if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, + nonce, nonceSz) == DRBG_SUCCESS && + Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, + sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { + + drbg->reseedCtr = 1; + drbg->lastBlock = 0; + drbg->matchCount = 0; + ret = DRBG_SUCCESS; + } + + return ret; +} + + +/* Returns: DRBG_SUCCESS */ +static int Hash_DRBG_Uninstantiate(DRBG* drbg) +{ + XMEMSET(drbg, 0, sizeof(DRBG)); + + return DRBG_SUCCESS; +} + +/* End NIST DRBG Code */ + + +/* Get seed and key cipher */ +int wc_InitRng(RNG* rng) +{ + int ret = BAD_FUNC_ARG; + + if (rng != NULL) { + byte entropy[ENTROPY_NONCE_SZ]; + + rng->drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); + if (rng->drbg == NULL) { + ret = MEMORY_E; + } + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && + Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ, + NULL, 0) == DRBG_SUCCESS) { + + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + } + else + ret = DRBG_FAILURE; + + XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); + + if (ret == DRBG_SUCCESS) { + rng->status = DRBG_OK; + ret = 0; + } + else if (ret == DRBG_CONT_FAILURE) { + rng->status = DRBG_CONT_FAILED; + ret = DRBG_CONT_FIPS_E; + } + else if (ret == DRBG_FAILURE) { + rng->status = DRBG_FAILED; + ret = RNG_FAILURE_E; + } + else { + rng->status = DRBG_FAILED; + } + } + + return ret; +} + + +/* place a generated block in output */ +int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + int ret; + + if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) + return BAD_FUNC_ARG; + + if (rng->status != DRBG_OK) + return RNG_FAILURE_E; + + ret = Hash_DRBG_Generate(rng->drbg, output, sz); + + if (ret == DRBG_NEED_RESEED) { + byte entropy[ENTROPY_SZ]; + + if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && + Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) == DRBG_SUCCESS) { + + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Generate(rng->drbg, output, sz); + } + else + ret = DRBG_FAILURE; + + XMEMSET(entropy, 0, ENTROPY_SZ); + } + + if (ret == DRBG_SUCCESS) { + ret = 0; + } + else if (ret == DRBG_CONT_FAILURE) { + ret = DRBG_CONT_FIPS_E; + rng->status = DRBG_CONT_FAILED; + } + else { + ret = RNG_FAILURE_E; + rng->status = DRBG_FAILED; + } + + return ret; +} + + +int wc_RNG_GenerateByte(RNG* rng, byte* b) +{ + return wc_RNG_GenerateBlock(rng, b, 1); +} + + +int wc_FreeRng(RNG* rng) +{ + int ret = BAD_FUNC_ARG; + + if (rng != NULL) { + if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS) + ret = 0; + else + ret = RNG_FAILURE_E; + + XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG); + rng->drbg = NULL; + rng->status = DRBG_NOT_INIT; + } + + return ret; +} + + +int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + byte* output, word32 outputSz) +{ + DRBG drbg; + + if (entropyA == NULL || output == NULL) + return BAD_FUNC_ARG; + + if (reseed != 0 && entropyB == NULL) + return BAD_FUNC_ARG; + + if (outputSz != (SHA256_DIGEST_SIZE * 4)) + return -1; + + if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0) + return -1; + + if (reseed) { + if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + } + + if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + + if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + + Hash_DRBG_Uninstantiate(&drbg); + + return 0; +} + + +#else /* HAVE_HASHDRBG || NO_RC4 */ + +/* Get seed and key cipher */ +int wc_InitRng(RNG* rng) +{ + int ret; +#ifdef WOLFSSL_SMALL_STACK + byte* key; + byte* junk; +#else + byte key[32]; + byte junk[256]; #endif +#ifdef HAVE_CAVIUM + if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC) + return 0; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + return MEMORY_E; + + junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (junk == NULL) { + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + ret = wc_GenerateSeed(&rng->seed, key, 32); + + if (ret == 0) { + Arc4SetKey(&rng->cipher, key, sizeof(key)); + + ret = wc_RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/ + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#ifdef HAVE_CAVIUM + static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); +#endif + +/* place a generated block in output */ +int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ +#ifdef HAVE_CAVIUM + if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC) + return CaviumRNG_GenerateBlock(rng, output, sz); +#endif + XMEMSET(output, 0, sz); + Arc4Process(&rng->cipher, output, output, sz); + + return 0; +} + + +int wc_RNG_GenerateByte(RNG* rng, byte* b) +{ + return wc_RNG_GenerateBlock(rng, b, 1); +} + + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RNG for use with Nitrox device */ +int wc_InitRngCavium(RNG* rng, int devId) +{ + if (rng == NULL) + return -1; + + rng->devId = devId; + rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC; + + return 0; +} + + +static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + cyassl_word offset = 0; + word32 requestId; + + while (sz > WOLFSSL_MAX_16BIT) { + word16 slen = (word16)WOLFSSL_MAX_16BIT; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + WOLFSSL_MSG("Cavium RNG failed"); + } + sz -= WOLFSSL_MAX_16BIT; + offset += WOLFSSL_MAX_16BIT; + } + if (sz) { + word16 slen = (word16)sz; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + WOLFSSL_MSG("Cavium RNG failed"); + } + } +} + +#endif /* HAVE_CAVIUM */ + +#endif /* HAVE_HASHDRBG || NO_RC4 */ + + +#if defined(USE_WINDOWS_API) + + +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + return WINCRYPT_E; + + if (!CryptGenRandom(os->handle, sz, output)) + return CRYPTGEN_E; + + CryptReleaseContext(os->handle, 0); + + return 0; +} + + +#elif defined(HAVE_RTP_SYS) || defined(EBSNET) + +#include "rtprand.h" /* rtp_rand () */ +#include "rtptime.h" /* rtp_get_system_msec() */ + + +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + rtp_srand(rtp_get_system_msec()); + + for (i = 0; i < sz; i++ ) { + output[i] = rtp_rand() % 256; + if ( (i % 8) == 7) + rtp_srand(rtp_get_system_msec()); + } + + return 0; +} + + +#elif defined(MICRIUM) + +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + NetSecure_InitSeed(output, sz); + #endif + return 0; +} + +#elif defined(MBED) + +/* write a real one !!!, just for testing board */ +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; +} + +#elif defined(MICROCHIP_PIC32) + +#ifdef MICROCHIP_MPLAB_HARMONY + #define PIC32_SEED_COUNT _CP0_GET_COUNT +#else + #if !defined(WOLFSSL_MICROCHIP_PIC32MZ) + #include + #endif + #define PIC32_SEED_COUNT ReadCoreTimer +#endif + #ifdef WOLFSSL_MIC32MZ_RNG + #include "xc.h" + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i ; + byte rnd[8] ; + word32 *rnd32 = (word32 *)rnd ; + word32 size = sz ; + byte* op = output ; + + /* This part has to be replaced with better random seed */ + RNGNUMGEN1 = ReadCoreTimer(); + RNGPOLY1 = ReadCoreTimer(); + RNGPOLY2 = ReadCoreTimer(); + RNGNUMGEN2 = ReadCoreTimer(); +#ifdef DEBUG_WOLFSSL + printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ; +#endif + RNGCONbits.PLEN = 0x40; + RNGCONbits.PRNGEN = 1; + for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */ + volatile int x ; + x = RNGNUMGEN1 ; + x = RNGNUMGEN2 ; + } + do { + rnd32[0] = RNGNUMGEN1; + rnd32[1] = RNGNUMGEN2; + + for(i=0; i<8; i++, op++) { + *op = rnd[i] ; + size -- ; + if(size==0)break ; + } + } while(size) ; + return 0; + } + #else /* WOLFSSL_MIC32MZ_RNG */ + /* uses the core timer, in nanoseconds to seed srand */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + srand(PIC32_SEED_COUNT() * 25); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ( (i % 8) == 7) + srand(PIC32_SEED_COUNT() * 25); + } + return 0; + } + #endif /* WOLFSSL_MIC32MZ_RNG */ + +#elif defined(FREESCALE_MQX) + + #ifdef FREESCALE_K70_RNGA + /* + * wc_Generates a RNG seed using the Random Number Generator Accelerator + * on the Kinetis K70. Documentation located in Chapter 37 of + * K70 Sub-Family Reference Manual (see Note 3 in the README for link). + */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* turn on RNGA module */ + SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; + + /* set SLP bit to 0 - "RNGA is not in sleep mode" */ + RNG_CR &= ~RNG_CR_SLP_MASK; + + /* set HA bit to 1 - "security violations masked" */ + RNG_CR |= RNG_CR_HA_MASK; + + /* set GO bit to 1 - "output register loaded with data" */ + RNG_CR |= RNG_CR_GO_MASK; + + for (i = 0; i < sz; i++) { + + /* wait for RNG FIFO to be full */ + while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {} + + /* get value */ + output[i] = RNG_OR; + } + + return 0; + } + + #elif defined(FREESCALE_K53_RNGB) + /* + * wc_Generates a RNG seed using the Random Number Generator (RNGB) + * on the Kinetis K53. Documentation located in Chapter 33 of + * K53 Sub-Family Reference Manual (see note in the README for link). + */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* turn on RNGB module */ + SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK; + + /* reset RNGB */ + RNG_CMD |= RNG_CMD_SR_MASK; + + /* FIFO generate interrupt, return all zeros on underflow, + * set auto reseed */ + RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK); + + /* gen seed, clear interrupts, clear errors */ + RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK); + + /* wait for seeding to complete */ + while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {} + + for (i = 0; i < sz; i++) { + + /* wait for a word to be available from FIFO */ + while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {} + + /* get value */ + output[i] = RNG_OUT; + } + + return 0; + } + + #else + #warning "write a real random seed!!!!, just for testing now" + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; + } + #endif /* FREESCALE_K70_RNGA */ + +#elif defined(WOLFSSL_SAFERTOS) || defined(CYASSL_LEANPSK) \ + || defined(WOLFSSL_IAR_ARM) || defined(CYASSL_MDK_ARM) + +#warning "write a real random seed!!!!, just for testing now" + +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + (void)os; + + return 0; +} + +#elif defined(STM32F2_RNG) + #undef RNG + #include "stm32f2xx_rng.h" + #include "stm32f2xx_rcc.h" + /* + * wc_Generate a RNG seed using the hardware random number generator + * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral + * Library document (See note in README). + */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* enable RNG clock source */ + RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE); + + /* enable RNG peripheral */ + RNG_Cmd(ENABLE); + + for (i = 0; i < sz; i++) { + /* wait until RNG number is ready */ + while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { } + + /* get value */ + output[i] = RNG_GetRandomNumber(); + } + + return 0; + } +#elif defined(WOLFSSL_LPC43xx) || defined(CYASSL_STM32F2xx) + + #warning "write a real random seed!!!!, just for testing now" + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; + } + +#elif defined(WOLFSSL_TIRTOS) + + #include + #include + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + srand(xdc_runtime_Timestamp_get32()); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ((i % 8) == 7) { + srand(xdc_runtime_Timestamp_get32()); + } + } + + return 0; + } + +#elif defined(CUSTOM_RAND_GENERATE) + + /* Implement your own random generation function + * word32 rand_gen(void); + * #define CUSTOM_RAND_GENERATE rand_gen */ + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + for (i = 0; i < sz; i++ ) + output[i] = CUSTOM_RAND_GENERATE(); + + return 0; + } + +#elif defined(NO_DEV_RANDOM) + +#error "you need to write an os specific wc_GenerateSeed() here" + +/* +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + return 0; +} +*/ + + +#else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */ + + +/* may block */ +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int ret = 0; + + os->fd = open("/dev/urandom",O_RDONLY); + if (os->fd == -1) { + /* may still have /dev/random */ + os->fd = open("/dev/random",O_RDONLY); + if (os->fd == -1) + return OPEN_RAN_E; + } + + while (sz) { + int len = (int)read(os->fd, output, sz); + if (len == -1) { + ret = READ_RAN_E; + break; + } + + sz -= len; + output += len; + + if (sz) { +#ifdef BLOCKING + sleep(0); /* context switch */ +#else + ret = RAN_BLOCK_E; + break; +#endif + } + } + close(os->fd); + + return ret; +} + +#endif /* USE_WINDOWS_API */ +#endif /* HAVE_FIPS */ + diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 21dc64cd5..1b9ffc30e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -29,11 +29,7 @@ #include - -#ifdef __cplusplus - extern "C" { -#endif - +#ifdef HAVE_FIPS int wc_InitRsaKey(RsaKey* key, void* ptr) { return InitRsaKey(key, ptr); @@ -127,7 +123,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, } - int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) + int RsaKey*ToDer(RsaKey* key, byte* output, word32 inLen) { return RsaKeyToDer(key, output, inLen); } @@ -237,12 +233,833 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #endif /* FIPS_NO_WRAPPERS */ #endif /* HAVE_FIPS */ +#else +#include +#include +#include +#include - -#ifdef __cplusplus - } /* extern "C" */ +#ifdef SHOW_GEN + #ifdef FREESCALE_MQX + #include + #else + #include + #endif #endif +#ifdef HAVE_CAVIUM + static int InitCaviumRsaKey(RsaKey* key, void* heap); + static int FreeCaviumRsaKey(RsaKey* key); + static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); +#endif +enum { + RSA_PUBLIC_ENCRYPT = 0, + RSA_PUBLIC_DECRYPT = 1, + RSA_PRIVATE_ENCRYPT = 2, + RSA_PRIVATE_DECRYPT = 3, + + RSA_BLOCK_TYPE_1 = 1, + RSA_BLOCK_TYPE_2 = 2, + + RSA_MIN_SIZE = 512, + RSA_MAX_SIZE = 4096, + + RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ +}; + + +int wc_InitRsaKey(RsaKey* key, void* heap) +{ +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return InitCaviumRsaKey(key, heap); +#endif + + key->type = -1; /* haven't decided yet */ + key->heap = heap; + +/* TomsFastMath doesn't use memory allocation */ +#ifndef USE_FAST_MATH + key->n.dp = key->e.dp = 0; /* public alloc parts */ + + key->d.dp = key->p.dp = 0; /* private alloc parts */ + key->q.dp = key->dP.dp = 0; + key->u.dp = key->dQ.dp = 0; +#endif + + return 0; +} + + +int wc_FreeRsaKey(RsaKey* key) +{ + (void)key; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return FreeCaviumRsaKey(key); +#endif + +/* TomsFastMath doesn't use memory allocation */ +#ifndef USE_FAST_MATH + if (key->type == RSA_PRIVATE) { + mp_clear(&key->u); + mp_clear(&key->dQ); + mp_clear(&key->dP); + mp_clear(&key->q); + mp_clear(&key->p); + mp_clear(&key->d); + } + mp_clear(&key->e); + mp_clear(&key->n); +#endif + + return 0; +} + +static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, + word32 pkcsBlockLen, byte padValue, RNG* rng) +{ + if (inputLen == 0) + return 0; + + pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ + pkcsBlock++; pkcsBlockLen--; + pkcsBlock[0] = padValue; /* insert padValue */ + + if (padValue == RSA_BLOCK_TYPE_1) + /* pad with 0xff bytes */ + XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); + else { + /* pad with non-zero random bytes */ + word32 padLen = pkcsBlockLen - inputLen - 1, i; + int ret = RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); + + if (ret != 0) + return ret; + + /* remove zeros */ + for (i = 1; i < padLen; i++) + if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; + } + + pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ + XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); + + return 0; +} + + +/* UnPad plaintext, set start to *output, return length of plaintext, + * < 0 on error */ +static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, + byte **output, byte padValue) +{ + word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, + invalid = 0, + i = 1, + outputLen; + + if (pkcsBlock[0] != 0x0) /* skip past zero */ + invalid = 1; + pkcsBlock++; pkcsBlockLen--; + + /* Require block type padValue */ + invalid = (pkcsBlock[0] != padValue) || invalid; + + /* verify the padding until we find the separator */ + if (padValue == RSA_BLOCK_TYPE_1) { + while (i maxOutputLen) || invalid; + + if (invalid) { + WOLFSSL_MSG("RsaUnPad error, bad formatting"); + return RSA_PAD_E; + } + + *output = (byte *)(pkcsBlock + i); + return outputLen; +} + + +static int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, + int type, RsaKey* key) +{ + #define ERROR_OUT(x) { ret = (x); goto done;} + + mp_int tmp; + int ret = 0; + word32 keyLen, len; + + if (mp_init(&tmp) != MP_OKAY) + return MP_INIT_E; + + if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY) + ERROR_OUT(MP_READ_E); + + if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { + #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ + if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY) + ERROR_OUT(MP_EXPTMOD_E); + #else + #define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; } + + mp_int tmpa, tmpb; + + if (mp_init(&tmpa) != MP_OKAY) + ERROR_OUT(MP_INIT_E); + + if (mp_init(&tmpb) != MP_OKAY) { + mp_clear(&tmpa); + ERROR_OUT(MP_INIT_E); + } + + /* tmpa = tmp^dP mod p */ + if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY) + INNER_ERROR_OUT(MP_EXPTMOD_E); + + /* tmpb = tmp^dQ mod q */ + if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY) + INNER_ERROR_OUT(MP_EXPTMOD_E); + + /* tmp = (tmpa - tmpb) * qInv (mod p) */ + if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) + INNER_ERROR_OUT(MP_SUB_E); + + if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY) + INNER_ERROR_OUT(MP_MULMOD_E); + + /* tmp = tmpb + q * tmp */ + if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY) + INNER_ERROR_OUT(MP_MUL_E); + + if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) + INNER_ERROR_OUT(MP_ADD_E); + + inner_done: + mp_clear(&tmpa); + mp_clear(&tmpb); + + if (ret != 0) return ret; + + #endif /* RSA_LOW_MEM */ + } + else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { + if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY) + ERROR_OUT(MP_EXPTMOD_E); + } + else + ERROR_OUT(RSA_WRONG_TYPE_E); + + keyLen = mp_unsigned_bin_size(&key->n); + if (keyLen > *outLen) + ERROR_OUT(RSA_BUFFER_E); + + len = mp_unsigned_bin_size(&tmp); + + /* pad front w/ zeros to match key length */ + while (len < keyLen) { + *out++ = 0x00; + len++; + } + + *outLen = keyLen; + + /* convert */ + if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) + ERROR_OUT(MP_TO_E); + +done: + mp_clear(&tmp); + return ret; +} + + +int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key, RNG* rng) +{ + int sz, ret; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); + if (sz > (int)outLen) + return RSA_BUFFER_E; + + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) + return RSA_BUFFER_E; + + ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); + if (ret != 0) + return ret; + + if ((ret = wc_RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0) + sz = ret; + + return sz; +} + + +int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) +{ + int ret; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + + if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) + < 0) { + return ret; + } + + return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); +} + + +int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key) +{ + int plainLen; + byte* tmp; + byte* pad = 0; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); +#endif + + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); + if (tmp == NULL) { + return MEMORY_E; + } + + XMEMCPY(tmp, in, inLen); + + if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) { + XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; + } + if (plainLen > (int)outLen) + plainLen = BAD_FUNC_ARG; + else + XMEMCPY(out, pad, plainLen); + XMEMSET(tmp, 0x00, inLen); + + XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; +} + + +/* for Rsa Verify */ +int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) +{ + int ret; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + + if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) + < 0) { + return ret; + } + + return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); +} + + +int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key) +{ + int plainLen; + byte* tmp; + byte* pad = 0; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); +#endif + + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); + if (tmp == NULL) { + return MEMORY_E; + } + + XMEMCPY(tmp, in, inLen); + + if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) { + XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; + } + + if (plainLen > (int)outLen) + plainLen = BAD_FUNC_ARG; + else + XMEMCPY(out, pad, plainLen); + XMEMSET(tmp, 0x00, inLen); + + XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; +} + + +/* for Rsa Sign */ +int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key, RNG* rng) +{ + int sz, ret; + +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); + if (sz > (int)outLen) + return RSA_BUFFER_E; + + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) + return RSA_BUFFER_E; + + ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); + if (ret != 0) + return ret; + + if ((ret = wc_RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0) + sz = ret; + + return sz; +} + + +int wc_RsaEncryptSize(RsaKey* key) +{ +#ifdef HAVE_CAVIUM + if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) + return key->c_nSz; +#endif + return mp_unsigned_bin_size(&key->n); +} + + +int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz) +{ + int sz, ret; + + if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL) + return BAD_FUNC_ARG; + + sz = mp_unsigned_bin_size(&key->e); + if ((word32)sz > *nSz) + return RSA_BUFFER_E; + ret = mp_to_unsigned_bin(&key->e, e); + if (ret != MP_OKAY) + return ret; + *eSz = (word32)sz; + + sz = mp_unsigned_bin_size(&key->n); + if ((word32)sz > *nSz) + return RSA_BUFFER_E; + ret = mp_to_unsigned_bin(&key->n, n); + if (ret != MP_OKAY) + return ret; + *nSz = (word32)sz; + + return 0; +} + + +#ifdef WOLFSSL_KEY_GEN + +static const int USE_BBS = 1; + +static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) +{ + int err, res, type; + byte* buf; + + (void)heap; + if (N == NULL || rng == NULL) + return BAD_FUNC_ARG; + + /* get type */ + if (len < 0) { + type = USE_BBS; + len = -len; + } else { + type = 0; + } + + /* allow sizes between 2 and 512 bytes for a prime size */ + if (len < 2 || len > 512) { + return BAD_FUNC_ARG; + } + + /* allocate buffer to work with */ + buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); + if (buf == NULL) { + return MEMORY_E; + } + XMEMSET(buf, 0, len); + + do { +#ifdef SHOW_GEN + printf("."); + fflush(stdout); +#endif + /* generate value */ + err = RNG_GenerateBlock(rng, buf, len); + if (err != 0) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + + /* munge bits */ + buf[0] |= 0x80 | 0x40; + buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); + + /* load value */ + if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + + /* test */ + if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + } while (res == MP_NO); + +#ifdef LTC_CLEAN_STACK + XMEMSET(buf, 0, len); +#endif + + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return 0; +} + + +/* Make an RSA key for size bits, with e specified, 65537 is a good e */ +int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) +{ + mp_int p, q, tmp1, tmp2, tmp3; + int err; + + if (key == NULL || rng == NULL) + return BAD_FUNC_ARG; + + if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) + return BAD_FUNC_ARG; + + if (e < 3 || (e & 1) == 0) + return BAD_FUNC_ARG; + + if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) + return err; + + err = mp_set_int(&tmp3, e); + + /* make p */ + if (err == MP_OKAY) { + do { + err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ + + if (err == MP_OKAY) + err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ + + if (err == MP_OKAY) + err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */ + } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */ + } + + /* make q */ + if (err == MP_OKAY) { + do { + err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ + + if (err == MP_OKAY) + err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ + + if (err == MP_OKAY) + err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */ + } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */ + } + + if (err == MP_OKAY) + err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL); + + if (err == MP_OKAY) + err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL); + + if (err == MP_OKAY) + err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */ + + if (err == MP_OKAY) + err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */ + + /* make key */ + if (err == MP_OKAY) + err = mp_set_int(&key->e, e); /* key->e = e */ + + if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ + err = mp_invmod(&key->e, &tmp1, &key->d); + + if (err == MP_OKAY) + err = mp_mul(&p, &q, &key->n); /* key->n = pq */ + + if (err == MP_OKAY) + err = mp_sub_d(&p, 1, &tmp1); + + if (err == MP_OKAY) + err = mp_sub_d(&q, 1, &tmp2); + + if (err == MP_OKAY) + err = mp_mod(&key->d, &tmp1, &key->dP); + + if (err == MP_OKAY) + err = mp_mod(&key->d, &tmp2, &key->dQ); + + if (err == MP_OKAY) + err = mp_invmod(&q, &p, &key->u); + + if (err == MP_OKAY) + err = mp_copy(&p, &key->p); + + if (err == MP_OKAY) + err = mp_copy(&q, &key->q); + + if (err == MP_OKAY) + key->type = RSA_PRIVATE; + + mp_clear(&tmp3); + mp_clear(&tmp2); + mp_clear(&tmp1); + mp_clear(&q); + mp_clear(&p); + + if (err != MP_OKAY) { + wc_FreeRsaKey(key); + return err; + } + + return 0; +} + + +#endif /* WOLFSSL_KEY_GEN */ + + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RSA for use with Nitrox device */ +int RsaInitCavium(RsaKey* rsa, int devId) +{ + if (rsa == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) + return -1; + + rsa->devId = devId; + rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC; + + return 0; +} + + +/* Free RSA from use with Nitrox device */ +void wc_RsaFreeCavium(RsaKey* rsa) +{ + if (rsa == NULL) + return; + + CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); + rsa->magic = 0; +} + + +/* Initialize cavium RSA key */ +static int InitCaviumRsaKey(RsaKey* key, void* heap) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + key->heap = heap; + key->type = -1; /* don't know yet */ + + key->c_n = NULL; + key->c_e = NULL; + key->c_d = NULL; + key->c_p = NULL; + key->c_q = NULL; + key->c_dP = NULL; + key->c_dQ = NULL; + key->c_u = NULL; + + key->c_nSz = 0; + key->c_eSz = 0; + key->c_dSz = 0; + key->c_pSz = 0; + key->c_qSz = 0; + key->c_dP_Sz = 0; + key->c_dQ_Sz = 0; + key->c_uSz = 0; + + return 0; +} + + +/* Free cavium RSA key */ +static int FreeCaviumRsaKey(RsaKey* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + + return InitCaviumRsaKey(key, key->heap); /* reset pointers */ +} + + +static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, + (word16)inLen, key->c_n, key->c_e, (byte*)in, out, + &requestId, key->devId); + if (ret != 0) { + WOLFSSL_MSG("Cavium Enc BT2 failed"); + return -1; + } + return key->c_nSz; +} + + +static INLINE void ato16(const byte* c, word16* u16) +{ + *u16 = (c[0] << 8) | (c[1]); +} + + +static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, + key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, &outSz, out, &requestId, key->devId); + if (ret != 0) { + WOLFSSL_MSG("Cavium CRT Dec BT2 failed"); + return -1; + } + ato16((const byte*)&outSz, &outSz); + + return outSz; +} + + +static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < + (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, + key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, out, &requestId, key->devId); + if (ret != 0) { + WOLFSSL_MSG("Cavium CRT Enc BT1 failed"); + return -1; + } + return key->c_nSz; +} + + +static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, + key->c_n, key->c_e, (byte*)in, &outSz, out, + &requestId, key->devId); + if (ret != 0) { + WOLFSSL_MSG("Cavium Dec BT1 failed"); + return -1; + } + outSz = ntohs(outSz); + + return outSz; +} + + +#endif /* HAVE_CAVIUM */ + +#endif /* HAVE_FIPS */ #endif /* NO_RSA */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index bb2f1d944..2f23b2944 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -26,11 +26,7 @@ #include #include -#ifdef WOLFSSL_SHA512 - -#ifdef __cplusplus - extern "C" { -#endif +#if defined(WOLFSSL_SHA512) || defined(CYASSL_SHA512) int wc_InitSha512(Sha512* sha) { @@ -55,7 +51,7 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* out) return Sha512Hash(data, len, out); } -#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) +#if defined(CYASSL_SHA384) || defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) int wc_InitSha384(Sha384* sha) { @@ -82,9 +78,5 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out) #endif /* WOLFSSL_SHA384 */ -#ifdef __cplusplus - } /* extern "C" */ -#endif - #endif /* WOLFSSL_SHA512 */